CVE-2021-29752: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 versions 11.2 and 11.5 contains an information disclosure vulnerability that exposes remote storage credentials to privileged users under specific conditions. The vulnerability, identified as CVE-2021-29752, was disclosed and assigned a CVSS base score of 4.4 (Medium) (IBM Security, NVD).

The vulnerability has been assigned a CVSS vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N, indicating that it requires network access, high complexity, and high privileges to exploit, but could result in high confidentiality impact if successfully exploited. The vulnerability specifically affects all fix pack levels of IBM Db2 V11.1 and V11.5 editions on all platforms, while versions 9.7, 10.1, and 10.5 are not impacted (IBM Security).

Successful exploitation of this vulnerability could lead to the disclosure of sensitive information, specifically remote storage credentials, when accessed by privileged users under certain conditions (NetApp Security, IBM Security).

IBM has released special builds containing interim fixes for affected versions. For V11.1.4 FP6, special builds are available for various platforms including AIX, Linux, Solaris, and Windows. For V11.5, the fix is included in version 11.5.7. These patches can be applied to any affected fixpack level of the appropriate release to remediate the vulnerability (IBM Security).